<div dir="ltr">Excellent work Tapani, thanks! It's working fine for me.<div class="gmail_extra"><div><div class="m_3956312984592572335m_5421794479016187318gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div><font size="2" face="arial, helvetica, sans-serif">-Michael<br></font></div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"></div></div></div>
</div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Thu, Aug 3, 2017 at 3:22 PM, Tapani Tarvainen <span dir="ltr"><<a href="mailto:ncuc@tapani.tarvainen.info" target="_blank">ncuc@tapani.tarvainen.info</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">OK, SSL implemented using <a href="http://letsencrypt.org" rel="noreferrer" target="_blank">letsencrypt.org</a>.<br>
<br>
I set it up with three separate certificates:<br>
<br>
<a href="http://ncuc.org" rel="noreferrer" target="_blank">ncuc.org</a> + <a href="http://www.ncuc.org" rel="noreferrer" target="_blank">www.ncuc.org</a><br>
<a href="http://lists.ncuc.org" rel="noreferrer" target="_blank">lists.ncuc.org</a><br>
<a href="http://oldwww.ncuc.org" rel="noreferrer" target="_blank">oldwww.ncuc.org</a><br>
<br>
as those might be split to different machines at some point.<br>
<br>
Please report ASAP if you encounter any problems.<br>
<br>
Tapani<br>
<br>
On Tue, Aug 01, 2017 at 05:24:22PM -0500, Renata Aquino Ribeiro (<a href="mailto:raquino@gmail.com" target="_blank">raquino@gmail.com</a>) wrote:<br>
><br>
> Letsencrypt I only hear good things<br>
><br>
> Em 01/08/2017 16:01, "David Cake" <<a href="mailto:davecake@gmail.com" target="_blank">davecake@gmail.com</a>> escreveu:<br>
><br>
> Yeah, lets encrypt can just be scripted for the cert to be renewed<br>
> automatically, requires no host or reg support.<br>
><br>
> We’ve got no need for any higher form of cert (like an EV) and lets encrypt<br>
> is free, and low maintenance, so I am in favour of it.<br>
><br>
> David<br>
><br>
><br>
> On 1 Aug 2017, at 9:30 pm, Tapani Tarvainen <<a href="mailto:ncuc@tapani.tarvainen.info" target="_blank">ncuc@tapani.tarvainen.info</a>><br>
> wrote:<br>
><br>
> Hi Brenden,<br>
><br>
> Like just about all registrars and their resellers, Gandi offers<br>
> certificates of various kinds, but they cost money (admittedly little)<br>
> and perhaps more important, require manual intervention to renew.<br>
><br>
> Mainly for the latter reason I would suggest at least starting with<br>
> <a href="http://letsencrypt.org" rel="noreferrer" target="_blank">letsencrypt.org</a>. Its automatic update system works quite well nowadays<br>
> and does not require any special support from Gandi - it's basically<br>
> just a program that needs to be installed, once, and set up to run<br>
> automatically to renew the certificate as needed.<br>
><br>
> If you want to set it up, I'll be happy to help.<br>
><br>
> Tapani<br>
><br>
> On Tue, Aug 01, 2017 at 08:06:58AM -0400, Brenden Kuerbis (<br>
> <a href="mailto:bkuerbis@internetgovernance.org" target="_blank">bkuerbis@internetgovernance.or<wbr>g</a>) wrote:<br>
><br>
><br>
> I wouldn't mind learning how to implement/manage a Let'sEncrypt cert.<br>
><br>
> But we really should consider the ongoing maintenance (namely who is<br>
> doing it). Does Gandi support keeping a LetEncrypt cert updated<br>
> automatically?<br>
><br>
> If not, maybe Gandi offers a cert service we should consider?<br>
> ------------------------------<wbr>---------<br>
> Brenden Kuerbis<br>
> Internet Governance Project<br>
> <a href="http://internetgovernance.org" rel="noreferrer" target="_blank">http://internetgovernance.org</a><br>
><br>
><br>
> On Tue, Aug 1, 2017 at 3:14 AM, Tapani Tarvainen<br>
> <<a href="mailto:ncuc@tapani.tarvainen.info" target="_blank">ncuc@tapani.tarvainen.info</a>> wrote:<br>
><br>
> Dear all,<br>
><br>
> It was brought to my attention that <a href="http://ncuc.org" rel="noreferrer" target="_blank">ncuc.org</a> does not use SSL.<br>
><br>
> There is no really good reason for that. It was one of the things<br>
> in my to-do list when I left NCUC EC rather suddenly in 2013,<br>
> and nobody picked the task up.<br>
><br>
> Back then it would've cost money, too, but now it could be done<br>
> for free using <a href="http://letsencrypt.org" rel="noreferrer" target="_blank">letsencrypt.org</a>.<br>
><br>
> So I'd propose we do just that.<br>
><br>
> I can do it, it's easy enough, but I'm of course also happy to let<br>
> someone else do it (I can assist if someone wants to do it in order<br>
> to learn, too).<br>
><br>
> --<br>
> Tapani Tarvainen<br>
______________________________<wbr>_________________<br>
E-team mailing list<br>
<a href="mailto:E-team@lists.ncuc.org" target="_blank">E-team@lists.ncuc.org</a><br>
<a href="http://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team" rel="noreferrer" target="_blank">http://lists.ncuc.org/cgi-bin/<wbr>mailman/listinfo/e-team</a><br>
</blockquote></div><br></div></div>